我正在尝试创建一个S3存储桶,其策略禁止从特定的公共IP上传任何内容。它是用YAML编写的。下面是代码。不幸的是,我收到此错误:
指定的存储桶不存在。值区名称部分匹配。知道我缺少什么吗?
Resources:
TestS3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: test4.test.bucket
TestS3BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: TestS3Bucket
PolicyDocument:
Version: 2012-10-17
Statement:
Sid: SingleIPAllow
Effect: Deny
Principal: "*"
Action: s3:PutObject
Resource: arn:aws:s3:::test4.test.bucket
Condition:
NotIpAddress:
aws:SourceIp: "***.***.***.***"
答案 0 :(得分:1)
BucketPolicy资源需要指向存储桶的引用。如果将CloudFormation模板更改为以下模板,则它应该可以工作。请注意TestS3BucketPolicies属性中的属性Bucket: !Ref TestS3Bucket。
Resources:
TestS3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: test4.test.bucket
TestS3BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref TestS3Bucket // You need the !Ref here
PolicyDocument:
Version: 2012-10-17
Statement:
Sid: SingleIPAllow
Effect: Deny
Principal: "*"
Action: s3:PutObject
Resource: arn:aws:s3:::test4.test.bucket
Condition:
NotIpAddress:
aws:SourceIp: "***.***.***.***"